filter {
  if "mariadb" in [index_name] {
    grok {
      match => {
        "message" => [
          "%{TIMESTAMP_ISO8601:log_timestamp} %{INT} \[%{WORD:log_level}\] %{GREEDYDATA:log_message}"
        ]
      }
      remove_field => "message"
    }
    date {
      match => [ "log_timestamp", "ISO8601"]
      remove_field => "log_timestamp"
    }
  }
}
